PSARC 2014/346 Data Acquisition library (DAQ) 2.0.2
PSARC 2014/347 snort 2.9.6.2
16915792 The default state of the snort.conf file should be reexamined.
16915848 snort should put files under /etc/snort not directly under /etc
19557337 ipfw DAQ module shouldn't be enabled on Solaris
19696371 Update daq to version 2.0.2
19696436 Update snort to version 2.9.6.2
Solaris specific changes to the snort configuration file that will be
installed under /etc/snort/.
These changes will not be submitted upstream.
--- etc/snort.conf.orig 2014-09-25 07:56:45.270217768 -0700
+++ etc/snort.conf 2014-10-06 06:02:57.202660631 -0700
@@ -101,13 +101,13 @@
# Path to your rules files (this can be a relative path)
# Note for Windows users: You are advised to make this an absolute path,
# such as: c:\snort\rules
-var RULE_PATH ../rules
-var SO_RULE_PATH ../so_rules
-var PREPROC_RULE_PATH ../preproc_rules
+var RULE_PATH rules
+var SO_RULE_PATH so_rules
+var PREPROC_RULE_PATH preproc_rules
# If you are using reputation preprocessor set these
-var WHITE_LIST_PATH ../rules
-var BLACK_LIST_PATH ../rules
+var WHITE_LIST_PATH rules
+var BLACK_LIST_PATH rules
###################################################
# Step #2: Configure the decoder. For more information, see README.decode
@@ -153,7 +153,7 @@
# Configure DAQ related options for inline operation. For more information, see README.daq
#
# config daq: <type>
-# config daq_dir: <dir>
+config daq_dir: /usr/lib/64/daq/
# config daq_mode: <mode>
# config daq_var: <var>
#
@@ -240,13 +240,13 @@
###################################################
# path to dynamic preprocessor libraries
-dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
+dynamicpreprocessor directory /usr/lib/64/snort_dynamicpreprocessor/
# path to base preprocessor engine
-dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so
+dynamicengine /usr/lib/64/snort_dynamicengine/libsf_engine.so
# path to dynamic rules libraries
-dynamicdetection directory /usr/local/lib/snort_dynamicrules
+dynamicdetection directory /usr/lib/64/snort_dynamicrules
###################################################
# Step #5: Configure preprocessors
@@ -499,12 +499,12 @@
check_crc
# Reputation preprocessor. For more information see README.reputation
-preprocessor reputation: \
- memcap 500, \
- priority whitelist, \
- nested_ip inner, \
- whitelist $WHITE_LIST_PATH/white_list.rules, \
- blacklist $BLACK_LIST_PATH/black_list.rules
+#preprocessor reputation: \
+# memcap 500, \
+# priority whitelist, \
+# nested_ip inner, \
+# whitelist $WHITE_LIST_PATH/white_list.rules, \
+# blacklist $BLACK_LIST_PATH/black_list.rules
###################################################
# Step #6: Configure output plugins
@@ -538,123 +538,123 @@
###################################################
# site specific rules
-include $RULE_PATH/local.rules
+# include $RULE_PATH/local.rules
-include $RULE_PATH/app-detect.rules
-include $RULE_PATH/attack-responses.rules
-include $RULE_PATH/backdoor.rules
-include $RULE_PATH/bad-traffic.rules
-include $RULE_PATH/blacklist.rules
-include $RULE_PATH/botnet-cnc.rules
-include $RULE_PATH/browser-chrome.rules
-include $RULE_PATH/browser-firefox.rules
-include $RULE_PATH/browser-ie.rules
-include $RULE_PATH/browser-other.rules
-include $RULE_PATH/browser-plugins.rules
-include $RULE_PATH/browser-webkit.rules
-include $RULE_PATH/chat.rules
-include $RULE_PATH/content-replace.rules
-include $RULE_PATH/ddos.rules
-include $RULE_PATH/dns.rules
-include $RULE_PATH/dos.rules
-include $RULE_PATH/experimental.rules
-include $RULE_PATH/exploit-kit.rules
-include $RULE_PATH/exploit.rules
-include $RULE_PATH/file-executable.rules
-include $RULE_PATH/file-flash.rules
-include $RULE_PATH/file-identify.rules
-include $RULE_PATH/file-image.rules
-include $RULE_PATH/file-java.rules
-include $RULE_PATH/file-multimedia.rules
-include $RULE_PATH/file-office.rules
-include $RULE_PATH/file-other.rules
-include $RULE_PATH/file-pdf.rules
-include $RULE_PATH/finger.rules
-include $RULE_PATH/ftp.rules
-include $RULE_PATH/icmp-info.rules
-include $RULE_PATH/icmp.rules
-include $RULE_PATH/imap.rules
-include $RULE_PATH/indicator-compromise.rules
-include $RULE_PATH/indicator-obfuscation.rules
-include $RULE_PATH/indicator-scan.rules
-include $RULE_PATH/indicator-shellcode.rules
-include $RULE_PATH/info.rules
-include $RULE_PATH/malware-backdoor.rules
-include $RULE_PATH/malware-cnc.rules
-include $RULE_PATH/malware-other.rules
-include $RULE_PATH/malware-tools.rules
-include $RULE_PATH/misc.rules
-include $RULE_PATH/multimedia.rules
-include $RULE_PATH/mysql.rules
-include $RULE_PATH/netbios.rules
-include $RULE_PATH/nntp.rules
-include $RULE_PATH/oracle.rules
-include $RULE_PATH/os-linux.rules
-include $RULE_PATH/os-mobile.rules
-include $RULE_PATH/os-other.rules
-include $RULE_PATH/os-solaris.rules
-include $RULE_PATH/os-windows.rules
-include $RULE_PATH/other-ids.rules
-include $RULE_PATH/p2p.rules
-include $RULE_PATH/phishing-spam.rules
-include $RULE_PATH/policy-multimedia.rules
-include $RULE_PATH/policy-other.rules
-include $RULE_PATH/policy.rules
-include $RULE_PATH/policy-social.rules
-include $RULE_PATH/policy-spam.rules
-include $RULE_PATH/pop2.rules
-include $RULE_PATH/pop3.rules
-include $RULE_PATH/protocol-dns.rules
-include $RULE_PATH/protocol-finger.rules
-include $RULE_PATH/protocol-ftp.rules
-include $RULE_PATH/protocol-icmp.rules
-include $RULE_PATH/protocol-imap.rules
-include $RULE_PATH/protocol-nntp.rules
-include $RULE_PATH/protocol-pop.rules
-include $RULE_PATH/protocol-rpc.rules
-include $RULE_PATH/protocol-scada.rules
-include $RULE_PATH/protocol-services.rules
-include $RULE_PATH/protocol-snmp.rules
-include $RULE_PATH/protocol-telnet.rules
-include $RULE_PATH/protocol-tftp.rules
-include $RULE_PATH/protocol-voip.rules
-include $RULE_PATH/pua-adware.rules
-include $RULE_PATH/pua-other.rules
-include $RULE_PATH/pua-p2p.rules
-include $RULE_PATH/pua-toolbars.rules
-include $RULE_PATH/rpc.rules
-include $RULE_PATH/rservices.rules
-include $RULE_PATH/scada.rules
-include $RULE_PATH/scan.rules
-include $RULE_PATH/server-apache.rules
-include $RULE_PATH/server-iis.rules
-include $RULE_PATH/server-mail.rules
-include $RULE_PATH/server-mssql.rules
-include $RULE_PATH/server-mysql.rules
-include $RULE_PATH/server-oracle.rules
-include $RULE_PATH/server-other.rules
-include $RULE_PATH/server-samba.rules
-include $RULE_PATH/server-webapp.rules
-include $RULE_PATH/shellcode.rules
-include $RULE_PATH/smtp.rules
-include $RULE_PATH/snmp.rules
-include $RULE_PATH/specific-threats.rules
-include $RULE_PATH/spyware-put.rules
-include $RULE_PATH/sql.rules
-include $RULE_PATH/telnet.rules
-include $RULE_PATH/tftp.rules
-include $RULE_PATH/virus.rules
-include $RULE_PATH/voip.rules
-include $RULE_PATH/web-activex.rules
-include $RULE_PATH/web-attacks.rules
-include $RULE_PATH/web-cgi.rules
-include $RULE_PATH/web-client.rules
-include $RULE_PATH/web-coldfusion.rules
-include $RULE_PATH/web-frontpage.rules
-include $RULE_PATH/web-iis.rules
-include $RULE_PATH/web-misc.rules
-include $RULE_PATH/web-php.rules
-include $RULE_PATH/x11.rules
+# include $RULE_PATH/app-detect.rules
+# include $RULE_PATH/attack-responses.rules
+# include $RULE_PATH/backdoor.rules
+# include $RULE_PATH/bad-traffic.rules
+# include $RULE_PATH/blacklist.rules
+# include $RULE_PATH/botnet-cnc.rules
+# include $RULE_PATH/browser-chrome.rules
+# include $RULE_PATH/browser-firefox.rules
+# include $RULE_PATH/browser-ie.rules
+# include $RULE_PATH/browser-other.rules
+# include $RULE_PATH/browser-plugins.rules
+# include $RULE_PATH/browser-webkit.rules
+# include $RULE_PATH/chat.rules
+# include $RULE_PATH/content-replace.rules
+# include $RULE_PATH/ddos.rules
+# include $RULE_PATH/dns.rules
+# include $RULE_PATH/dos.rules
+# include $RULE_PATH/experimental.rules
+# include $RULE_PATH/exploit-kit.rules
+# include $RULE_PATH/exploit.rules
+# include $RULE_PATH/file-executable.rules
+# include $RULE_PATH/file-flash.rules
+# include $RULE_PATH/file-identify.rules
+# include $RULE_PATH/file-image.rules
+# include $RULE_PATH/file-java.rules
+# include $RULE_PATH/file-multimedia.rules
+# include $RULE_PATH/file-office.rules
+# include $RULE_PATH/file-other.rules
+# include $RULE_PATH/file-pdf.rules
+# include $RULE_PATH/finger.rules
+# include $RULE_PATH/ftp.rules
+# include $RULE_PATH/icmp-info.rules
+# include $RULE_PATH/icmp.rules
+# include $RULE_PATH/imap.rules
+# include $RULE_PATH/indicator-compromise.rules
+# include $RULE_PATH/indicator-obfuscation.rules
+# include $RULE_PATH/indicator-scan.rules
+# include $RULE_PATH/indicator-shellcode.rules
+# include $RULE_PATH/info.rules
+# include $RULE_PATH/malware-backdoor.rules
+# include $RULE_PATH/malware-cnc.rules
+# include $RULE_PATH/malware-other.rules
+# include $RULE_PATH/malware-tools.rules
+# include $RULE_PATH/misc.rules
+# include $RULE_PATH/multimedia.rules
+# include $RULE_PATH/mysql.rules
+# include $RULE_PATH/netbios.rules
+# include $RULE_PATH/nntp.rules
+# include $RULE_PATH/oracle.rules
+# include $RULE_PATH/os-linux.rules
+# include $RULE_PATH/os-mobile.rules
+# include $RULE_PATH/os-other.rules
+# include $RULE_PATH/os-solaris.rules
+# include $RULE_PATH/os-windows.rules
+# include $RULE_PATH/other-ids.rules
+# include $RULE_PATH/p2p.rules
+# include $RULE_PATH/phishing-spam.rules
+# include $RULE_PATH/policy-multimedia.rules
+# include $RULE_PATH/policy-other.rules
+# include $RULE_PATH/policy.rules
+# include $RULE_PATH/policy-social.rules
+# include $RULE_PATH/policy-spam.rules
+# include $RULE_PATH/pop2.rules
+# include $RULE_PATH/pop3.rules
+# include $RULE_PATH/protocol-dns.rules
+# include $RULE_PATH/protocol-finger.rules
+# include $RULE_PATH/protocol-ftp.rules
+# include $RULE_PATH/protocol-icmp.rules
+# include $RULE_PATH/protocol-imap.rules
+# include $RULE_PATH/protocol-nntp.rules
+# include $RULE_PATH/protocol-pop.rules
+# include $RULE_PATH/protocol-rpc.rules
+# include $RULE_PATH/protocol-scada.rules
+# include $RULE_PATH/protocol-services.rules
+# include $RULE_PATH/protocol-snmp.rules
+# include $RULE_PATH/protocol-telnet.rules
+# include $RULE_PATH/protocol-tftp.rules
+# include $RULE_PATH/protocol-voip.rules
+# include $RULE_PATH/pua-adware.rules
+# include $RULE_PATH/pua-other.rules
+# include $RULE_PATH/pua-p2p.rules
+# include $RULE_PATH/pua-toolbars.rules
+# include $RULE_PATH/rpc.rules
+# include $RULE_PATH/rservices.rules
+# include $RULE_PATH/scada.rules
+# include $RULE_PATH/scan.rules
+# include $RULE_PATH/server-apache.rules
+# include $RULE_PATH/server-iis.rules
+# include $RULE_PATH/server-mail.rules
+# include $RULE_PATH/server-mssql.rules
+# include $RULE_PATH/server-mysql.rules
+# include $RULE_PATH/server-oracle.rules
+# include $RULE_PATH/server-other.rules
+# include $RULE_PATH/server-samba.rules
+# include $RULE_PATH/server-webapp.rules
+# include $RULE_PATH/shellcode.rules
+# include $RULE_PATH/smtp.rules
+# include $RULE_PATH/snmp.rules
+# include $RULE_PATH/specific-threats.rules
+# include $RULE_PATH/spyware-put.rules
+# include $RULE_PATH/sql.rules
+# include $RULE_PATH/telnet.rules
+# include $RULE_PATH/tftp.rules
+# include $RULE_PATH/virus.rules
+# include $RULE_PATH/voip.rules
+# include $RULE_PATH/web-activex.rules
+# include $RULE_PATH/web-attacks.rules
+# include $RULE_PATH/web-cgi.rules
+# include $RULE_PATH/web-client.rules
+# include $RULE_PATH/web-coldfusion.rules
+# include $RULE_PATH/web-frontpage.rules
+# include $RULE_PATH/web-iis.rules
+# include $RULE_PATH/web-misc.rules
+# include $RULE_PATH/web-php.rules
+# include $RULE_PATH/x11.rules
###################################################
# Step #8: Customize your preprocessor and decoder alerts